Routing OpenVPN user traffic over IPSec to Dest network

Routing and Multi WAN
Log in to reply
  • A

    I have users VPN'ing in using openvpn to a pfsense box at a remote site. That remote site is connected to a production network over ipsec.

    I can't get traffic from the OpenVPN interface over to the ipsec interface. I see icmp packets hitting the openvpn interface heading towards the subnet that's on the other side of the ipsec tunnel, but the packets never show up in the ipsec tunnel capture.

    I'm pushing a route as "route 10.16.8.0 255.255.252.0" which is the destination network on the other side of the ipsec (the prod network side). I have a static route enabled in pfsense for that traffic to go over the wan gateway.

    What am I missing?

    0
  • jimp
    Rebel Alliance Developer Netgate

    As long as the OpenVPN client has routes, and the IPsec tunnel has a Phase 2 entry that covers the OpenVPN tunnel/client network then it should work OK. Also may need adjustments to IPsec firewall rules on the far side, and to make sure there are no conflicting networks, etc.

    0
  • M

    You also need to add a firewall rule to the IPSEC interface (On both ends) that allows traffic to/from the OpenVPN network.

    Also sharing IP addresses with us means nothing without a network map.

    0

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy